ISC2 Charleston Chapter - January 2021 Chapter Meeting
The ISC2 Charleston Chapter is pleased to announce that CloudKnox Security will be presenting at our chapter meeting next Thursday, 1/14/2021, at 6pm EST. Our speaker will be Mike Raggo. Mike is a Cloud Security Engineer and has over 20 years of security research experience. Over the years he has uncovered numerous vulnerabilities in products including Samsung, Checkpoint, and Netgear. His current research focuses on hybrid cloud security risks and threats. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding” for Syngress Books, and contributing author for “Information Security the Complete Reference 2nd Edition”. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; and is a former participating member of FSISAC/BITS and the PCI Council. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.
The title of Mike's presentation is "Cloud Infrastructure Cyber Kill Chain - Threats & Countermeasures"
Summary: Attackers are maturing their TTPs to now exploit over-permissioned identities within AWS, Azure, and GCP; resulting in very prominent breaches. In this session we’ll define a new Cloud Infrastructure Cyber Kill Chain and explore these TTPs to expose unique methods of lateral movement, privilege escalation, role-chaining, and more. Real world examples will be highlighted, as well as steps and a methodology for protecting against these attacks.
Please plan to attend to…
Learn about the state of cloud security and what factors lead to data breaches.
Learn how to identify the top permission risks across cloud providers.
Examine real world examples to learn practical approaches to exposing attacker's methods and compromise.
Explore a new methodology to protect against the new Cloud Infrastructure Cyber Kill Chain.